Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A vulnerability in the Linux kernel's nilfs2 filesystem has been addressed. It involved improper management of buffer states that could lead to use-after-free issues. The problem arose when nilfs2 detected filesystem corruption and switched to read-only mode, causing inconsistencies in how buffer heads were handled. The vulnerability was linked to callbacks that cleared buffer states unexpectedly, disrupting the normal management of dirty data and metadata buffers. The issue could be reproduced by creating new directories or files in a nilfs2 filesystem that had been corrupted and had switched to read-only mode, which would trigger the buffer state inconsistencies.
Exploitation of this vulnerability could lead to use-after-free conditions, potentially allowing for arbitrary code execution or memory corruption.
The vulnerability can be reproduced by using the nilfs2 filesystem. After introducing corruption that forces the filesystem to switch to read-only mode, create a new directory or file. This action will trigger the buffer state inconsistencies, as nilfs2 attempts to mark buffers as dirty but encounters errors due to the corrupted state.
Users should ensure they are using a patched version of the Linux kernel where this vulnerability has been addressed.